Crossfire over messaging security
Dr. Martin Shelton
May 16, 2024
Illustration by Freedom of the Press Foundation. (CC BY 4.0)
It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.
Time for some security nerd drama, this time concerning the messaging apps Signal and Telegram. In recent weeks, Pavel Durov, the founder of messaging app Telegram, has been dialing up assertions on his competing platform about the security properties of the encrypted messaging app, Signal. Without evidence, Elon Musk, on his social platform X, also claimed there exist “known vulnerabilities” within the Signal app that are “not being addressed.”
Threats to press freedom around the world are at an all-time high. Sign up to stay up to date and take action to protect journalists and whistleblowers everywhere.
Thanks for signing up for our newsletter. You are not yet subscribed! Please check your email for a message asking you to confirm your subscription.
Signal’s President Meredith Whittaker responded to these claims, suggesting “we don’t have evidence of extant vulnerabilities and haven’t been notified of anything,” and explained how security researchers can get in touch to help the team address any security issues if they are found.
Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin